US20020010786A1 - Data transmitting apparatus and method - Google Patents

Info

Publication number
US20020010786A1
Authority
US
United States
Prior art keywords
unit
data
server
firewall
client
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US09/867,772
Inventor
Axel Brandes
Ralph Behrens
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Harman Becker Automotive Systems GmbH
Original Assignee
Becker GmbH
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Family has litigation
Application filed by Becker GmbH
Assigned to BECKER GMBH: assignment of assignors interest (see document for details). Assignors: BEHRENS, RALPH; BRANDES, AXEL

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/029 Firewall traversal, e.g. tunnelling or, creating pinholes

Definitions

  • these data can be traffic information, traffic-jam information, or accident information. These are transmitted directly from a server to the navigation unit.
  • the data are generally retrieved by the operator via the operating unit 314.3 or the input unit 310.2, the network access 314.1, the network services unit 332, the gateway 2 to the server 1.
  • This request data stream (i.e., the route of the data request) is identified in FIG. 6 with the reference symbols X1, X2, X3, and X4.
  • the data are then transmitted from the server 1 via the gateway 2 to the network services unit 332, and from there further via the network access 314.1, the local services unit 314.2, the firewall 334, to the telematic application 320.3.
  • the route of data transmission is identified in FIG. 6 by the reference symbols Y1, Y2, Y3, Y4, and Y5.
  • the user of the vehicle retrieves an Internet page that offers audio data.
  • the user chooses an audio file, which subsequently is transmitted to the audio unit 320 . 2 .
  • the audio unit then plays this audio data stream.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)
  • Photoreceptors In Electrophotography (AREA)
  • Reduction Or Emphasis Of Bandwidth Of Signals (AREA)

Abstract

Data transmitted between a server and a client, which has a data processing module and a firewall, is investigated by the firewall for security-specific aspects. The firewall controls the data traffic such that further processing and/or forwarding of unallowed data to and/or from at least one of the data processing modules is prevented.

Description

    BACKGROUND OF THE INVENTION
  • The present invention relates to the field of server-client systems, and in particular to a system that includes a client having a firewall and communicates with the server via a wireless communications channel. [0001]
  • When a direct connection from a client computing device to a server is established, there is no checking of the transmitted data. As a result, free access from the client to the server, and free access from the server to the client are both possible. [0002]
  • If the server is within a public network, then in principle every subscriber to the public network as well as the server itself has access to the client. Therefore, unauthorized access to the client is also possible. In the past, it has frequently become apparent what devastating effects and consequences such unauthorized access can have. To restrict access, firewalls are often used to provide a single point of entry where a defense can be implemented, allowing access to resources on the Internet, while providing controlled access to the client. [0003]
  • Between the client and the server a connection is established via a firewall, which checks the transmitted data and prevents a direct and secure connection between the client and the server. A disadvantage of prior art systems that include a firewall is that the constant checking of the transmitted data does not allow a direct and secure connection between the client and the server. [0004]
  • Therefore, there is a need for a data transmission method and apparatus in which a direct connection between the client and the server exists, and transmitted data can be checked in accordance with security-specific aspects to prevent unauthorized access. [0005]
    SUMMARY OF THE INVENTION
  • Data traffic takes place between a server and a client, via a firewall, such that the firewall prevents further processing and/or forwarding of unallowed data to and/or from at least one of the data processing modules. [0006]
  • Data traffic uninfluenced by the firewall takes place between the server and at least one second data processing module. This is especially appropriate when information is to be exchanged that does not contain security-relevant data and, on the basis of which, no independent processes are initiated. Nevertheless, it continues to be assured that the data flow between the first processing module and the server is checked in accordance with security-specific aspects and that the transfer is prohibited in certain circumstances. [0007]
  • Another modification of the invention specifies that data traffic influenced by the firewall takes place between at least one second data processing module, from which data traffic to the server takes place without influence from the firewall, and a first data processing module, from which data traffic to the server takes place under the influence of the firewall. This connection assures rapid data exchange between individual secure and insecure data processing modules, without thereby giving up security-specific aspects. The firewall checks data which are to be processed further, regardless of whether they have been transmitted from the server via a direct non-secure data channel or a secure data channel. [0008]
  • Data furnished by a data medium are conducted to at least a first data processing module. The firewall can prevent data that are furnished by a data medium, but are prohibited, from being further processed by and/or forwarded to the first data processing module. [0009]
  • The firewall is preferably connected between a receiving module and at least one data processing module inside the client. Standard-conforming and commercial programs may be used to connect the client to the server. As a result, development costs can be saved when compared to a special client-server connection, which may require consultation with the server operator or the service provider. [0010]
  • At least one second data processing module is connected to the receiving module, and thus unhindered data transfer is possible to this second data processing module. Transfers in connection with which no security-specific aspects need to be considered can be handled by this second data processing module. [0011]
  • The second data processing module is connected to the firewall. In this way, secure data transport is possible between the first and the second data processing module. Unauthorized transfer from the server via the second data processing module to the first data processing module is not possible. [0012]
  • At least one first data processing module is connected to a data medium. In addition, in one embodiment, the firewall is connected between the first data processing module and the data medium. [0013]
  • An especially advantageous modification of the invention specifies that the receiving module is simultaneously a transmission module. On the one hand, this permits the usually desirable correspondence with another client connected to the server and, on the other hand, makes possible the retrieval of information from the server. [0014]
  • The server may be a network server of a public network. The method and apparatus of the present invention consequently specify that the system not only satisfies the security-relevant aspects of a limited (local) network, but also those of a publicly accessible network. The specified solution permits, for example, a secure connection to a public server (e.g., to do banking business) without having to give up checking the transmitted data. Furthermore, if in the future new transmission networks are developed and used, the expense for adapting the proposed solution remains quite minimal, since no knowledge of the transmission technique itself is necessary. The principle of this proposed data transmission system is therefore universally applicable. Thus, for example, a connection to any Internet server is also possible. [0015]
  • In a preferred embodiment, the second data processing module includes a browser client. The browser client can be a special type for mobile networks (e.g., a WAP browser) and, in the future, also a full-featured Internet browser (e.g., Netscape Communicator or Microsoft Internet Explorer type browsers). [0016]
  • The first data processing module includes an audio unit and/or a video unit. The audio unit may contain, for example, functions such as a tuner, amplifier, or an equalizer. A video unit integrated into the system can be used as a television or as a picture telephone with a connected camera. The inventive system thus permits any data traffic and especially interactive data traffic. [0017]
  • The client may be part of a mobile unit. [0018]
  • The first data processing module may include a navigation unit. The navigation unit receives position data and routes calculated on the server through its connection to the public network, and can process the data. For example, a freight-forwarding business can in this way inform its drivers about new jobs and routes. [0019]
  • The mobile unit may be a motor vehicle such as a car or truck. [0020]
  • The first data processing module may include a telematic application. The telematic application can include telematic services such as dynamic traffic information (VINFO), traffic-jam reports, route recommendations, emergency services, parking and traffic guide information, etc. These applications and services are sensitive to the data that are being processed. For this reason, these data must be checked for the correctness of their content before they are transmitted to or processed by the telematic application, since syntactically correct data with erroneous semantics can disturb the function of the telematic application and thus the function of the particular automobile. [0021]
  • These and other objects, features and advantages of the present invention will become more apparent in light of the following detailed description of preferred embodiments thereof, as illustrated in the accompanying drawings. [0022]
    BRIEF DESCRIPTION OF THE DRAWING
  • FIG. 1 is a block diagram illustration of a first prior art data transmission system; [0023]
  • FIG. 2 is a block diagram illustration of a second prior art data transmission system; [0024]
  • FIG. 3 is a block diagram illustration of a data transmission system according to the present invention; [0025]
  • FIG. 4 pictorially illustrates data flow in the firewall of the data transmission system of FIG. 3; [0026]
  • FIG. 5 pictorially illustrates various data flow scenarios in the firewall of the data transmission system of FIG. 3; and [0027]
  • FIG. 6 pictorially illustrates a data flow when requesting an Internet page with telematic (or audio) data in the transmission system of FIG. 3. [0028]
    DETAILED DESCRIPTION OF THE INVENTION
  • FIG. 3 illustrates a data transmission system according to the present invention. To clarify how this inventive data transmission system differs from those of the prior art, FIGS. 1 and 2 illustrate prior art data transmission systems. In one embodiment, the data transmission systems of FIGS. 1 to 3 illustrate the connection of a motor vehicle to a public network. [0029]
  • The data transmission system of FIG. 2 does not include a firewall, and there is no checking of the transmitted data. The system is thus based essentially on a server 1b and a client 3b. The client 3b includes a main unit 310b, various end devices 320b, and a communication manager 330b. The main unit 310b includes a browser client 312b that contains control logic, various functional units 314b, which service the browser client 312b with various device functionalities, a display unit 310.1b, and an input unit 310.2b. The display unit 310.1b and the input unit 310.2b are preferably components of an operating unit 314.3b. The functional units 314b also include a network access 314.1b, a unit for local services 314.2b, and other units, generically identified by the reference symbol 314.4b. [0030]
  • A communication manager 330b includes a network services unit 332b that provides network functions to the main unit 310. The communication manager 330b also includes an application download unit 336b that controls the downloading of firmware and/or software. The end devices 320b include a plurality of units such as a navigation unit 320.1b, an audio unit 320.2b and other conventional units 320.4b. [0031]
  • The server 1b is connected to the network services unit 332b via a gateway 2b. The server-client connection 4b is preferably a wireless communication link 4b. The network services unit 332b is connected to the network access unit 314.1b of the main unit 310. The network services unit 332b is also connected to the individual end devices 320b, such as for example the navigation unit 320.1b, the audio unit 320.2b, the other units 320.4b, and the local services unit 314.2b. [0032]
  • The data transmission system illustrated in FIG. 1 is based on a protected data transfer between a client and a server. The system illustrated in FIG. 1 is similar to the system illustrated in FIG. 2, however the communications unit manager includes a firewall 334a. The system illustrated in FIG. 2 is again based on a server 1a and a client 3a. The client 3a includes a main unit 310a, various end devices 320a, and a communication manager 330a. [0033]
  • The main unit 310a again includes a browser client 312a that contains control logic, various functional units 314a, which service the browser client 312a with various device functionalities, a display unit 310.1a, and an input unit 310.2a. The display unit 310.1a and the input unit 310.2a are the essential components of an operating unit 314.3a. The functional units 314a include a network access 314.1a, a unit for local services 314.2a, the operating unit 314.3a, and possible other units 314.4. The firewall 334a is connected between the gateway 2a and the unit for network services 332a. [0034]
  • FIG. 3 is a block diagram illustration of a data transmission system according to the present invention. The system is based on a server 1 and a client 3. The client 3 includes a main unit 310, various end devices 320a and a communication manager 330. [0035]
  • The main unit 310 includes a browser client 312 that contains control logic and various functional units 314, which service the browser client 312 with various device functionalities. The main unit 310 also includes a display unit 310.1, and an input unit 310.2. [0036]
  • The display unit 310.1 and the input unit 310.2 are components of an operating unit 314.3. The functional units 314 include a network access 314.1, a unit for local services 314.2, the already-mentioned operating unit 314.3, and possible other units 314.4. [0037]
  • The data transmission system of FIG. 3, like the data transmission system of FIG. 1, has a firewall 334. However, this firewall 334 is not connected between the gateway 2 and the network services unit 332, as is the case in FIG. 1, but between the network services unit 332 and the individual end devices 320. Furthermore, the firewall 334 is connected to the application download unit 336 as well as to the local services unit 314.2. The network services unit 332, the firewall 334, and the application download unit 336 are preferably components of the communication manager 330. [0038]
  • FIG. 4 is a pictorial illustration of data flow between various components and the firewall 334. The firewall 334 permits data flow between: (i) the local services unit 314.2 of the browser client 312 and the individual end devices 320, (ii) the application download unit 336 and these end devices 320, (iii) the application download unit 336 and the network services unit 332, and (iv) the network services unit 332 and the end devices 320. [0039]
  • To clarify the inventive principle, four examples of data transfer via the firewall 334 will be presented below. A first example demonstrates how a firmware update of the navigation unit 320.1b proceeds; a second example demonstrates retrieval of an Internet page; a third example describes a telematic application; and a fourth example describes the reception of an audio signal via Wireless Application Protocol (WAP). [0040]
  • EXAMPLE #1 Firmware Update of the Navigation Unit
  • [0041] Referring to FIG. 3, the server 1 autonomously initiates a firmware update of the navigation unit 320.1 by transmitting special messages to the application download unit 336 via the network services unit 332 and the firewall 334 in the communication manager 330. The firewall 334 checks the data and discards them if necessary. The data flow of this example is identified in FIG. 5 with the reference symbol A.
  • [0042] In contrast, the prior art data transmission system of FIG. 1 cannot autonomously perform such a firmware update, since the firewall 334 a will not permit this. The prior art data transmission system illustrated in FIG. 2 can autonomously initiate and implement a firmware update of the navigation unit, but there is no data check. As a result, data transfer secured against unauthorized access is not guaranteed.
  • EXAMPLE #2 Retrieving an Internet Page from the Server
  • [0043] Referring to FIG. 3, in the browser client 312, the user retrieves a page from the Internet (server 1), and immediately sees this displayed directly on the display unit 310.1. If merely a retrieval and display of information are involved, the communication takes place in the standardized region between the browser client 312 and the server 1 (i.e., there is no data transfer via the firewall 334). In principle, any arbitrary Internet page can be retrieved and displayed. Which pages are displayed depends on the browser client 312 that is being used.
  • [0044] As soon as vehicle-specific data are to be downloaded and processed further (e.g., the transfer of position data to the navigation unit 320.1), these data are checked by the firewall 334 of the communication manager 330, and subsequently are either forwarded or discarded. If the data are forwarded, data flow takes place through the firewall 334. This data flow is identified in FIG. by the reference symbol B.
  • [0045] In contrast, in the prior art system illustrated in FIG. 1, an Internet page can be retrieved, but the incoming data are always checked for security-specific aspects. A direct connection is not possible and data traffic is inhibited. If truly security-relevant data are transmitted, this constant checking is appropriate. Otherwise, a troublesome delay occurs.
  • [0046] In the prior art system illustrated in FIG. 2, it is always possible to retrieve an Internet page since there is no firewall, and as a result, unhindered data traffic takes place. Even security-relevant data are not checked.
  • EXAMPLE #3 Telematic Application
  • [0047] There are special methods for transmitting telematic data to the motor vehicle. For example, these data can be traffic information, traffic-jam information, or accident information. These are transmitted directly from a server to the navigation unit. The data are generally retrieved by the operator via the operating unit 314.3 or the input unit 310.2, the network access 314.1, the network services unit 332, the gateway 2 to the server 1. This request data stream (i.e., the route of the data request) is identified in FIG. 6 with the reference symbols X1, X2, X3, and X4.
  • [0048] The data are then transmitted from the server 1 via the gateway 2 to the network services unit 332, and from there further via the network access 314.1, the local services unit 314.2, the firewall 334, to the telematic application 320.3. The route of data transmission is identified in FIG. 6 by the reference symbols Y1, Y2, Y3, Y4, and Y5.
  • [0049] The data flow in the firewall 304 is shown by the arrows with the reference symbols C in FIG. 5.
  • EXAMPLE #4 Reception of an Audio Signal Via WAP
  • [0050] The user of the vehicle, for example, retrieves an Internet page that offers audio data. The user chooses an audio file, which subsequently is transmitted to the audio unit 320.2. The audio unit then plays this audio data stream.
  • [0051] For the data transfer in the systems according to FIGS. 1 and 2, the discussions regarding the exemplary scenarios 1 and 2 apply analogously.
  • [0052] Although the present invention has been shown and described with respect to several preferred embodiments thereof, various changes, omissions and additions to the form and detail thereof, may be made therein, without departing from the spirit and scope of the invention.
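The permitted flows (i) to (iv) of paragraph [0039] and the routes of Examples 1 to 3 can be modelled as a default-deny policy evaluated hop by hop. The following is an added illustration, not code from the patent: the unit names are labels chosen here for the FIG. 3 components, and because the patent does not specify what the firewall 334 checks, the per-destination content check is a hypothetical stand-in.

```python
# Added illustration, not from the patent: unit names are labels chosen here for FIG. 3.
END_DEVICES = {"navigation", "audio", "telematic"}

# Flows (i)-(iv) the firewall permits, as unordered pairs ("end_device" = any end device).
PERMITTED = {
    frozenset({"local_services", "end_device"}),      # (i)
    frozenset({"app_download", "end_device"}),        # (ii)
    frozenset({"app_download", "network_services"}),  # (iii)
    frozenset({"network_services", "end_device"}),    # (iv)
}

# Assumption: the patent does not say what the firewall checks; this table is hypothetical.
ACCEPTED_KINDS = {
    "app_download": {"firmware"},
    "navigation": {"firmware", "position"},
    "telematic": {"traffic"},
    "audio": {"audio"},
}

def role(unit):
    return "end_device" if unit in END_DEVICES else unit

def inspect(dst, payload):
    """Hypothetical content check: is this kind of data expected at dst?"""
    return payload.get("kind") in ACCEPTED_KINDS.get(dst, set())

def evaluate(route, payload):
    """Return one verdict per hop; stop at the first hop the firewall refuses."""
    verdicts = []
    for src, dst in zip(route, route[1:]):
        pair = frozenset({role(src), role(dst)})
        # Modelling assumption: only hops touching an end device or the
        # application download unit pass through the firewall.
        if not pair & {"end_device", "app_download"}:
            verdicts.append("direct")
        elif pair not in PERMITTED:
            verdicts.append("denied")        # default deny: not one of (i)-(iv)
            break
        elif not inspect(dst, payload):
            verdicts.append("discarded")     # permitted flow, data failed the check
            break
        else:
            verdicts.append("forwarded")
    return verdicts

UPLINK = ["server", "gateway", "network_services"]
FIRMWARE_ROUTE = UPLINK + ["app_download", "navigation"]                       # Example 1
PAGE_ROUTE = UPLINK + ["network_access", "browser_client"]                     # Example 2
TELEMATIC_ROUTE = UPLINK + ["network_access", "local_services", "telematic"]   # Example 3
```

Page retrieval never reaches the firewall, while the firmware and telematic routes are inspected only on their final hops toward the end devices; a hop such as network access to navigation unit is refused outright because it is not one of the four listed flows.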

Claims (1)

What is claimed is:
1. A client automobile computing system that communicates over a wireless communication channel with a server, said client automobile computing system comprising:
a main unit that includes (i) a browser client component, (ii) a plurality of functional units including a local services unit that each service said browser client, (iii) a display unit and (iv) an input unit;
a communications manager component that includes
(i) a network services unit that receives data from the server and transmits data to the server;
(ii) an application download unit;
(iii) a firewall positioned between said network services unit and said application download unit; and
a plurality of electronic devices including a navigation unit and an audio unit that receive data from and send data to said firewall, wherein
said firewall permits data flow between: (i) said local services unit and said navigation unit and said audio unit, (ii) said application download unit and said navigation unit and said audio unit (iii) said application download unit and said network services unit, and (iv) said network services unit and said navigation unit and said audio unit.
US09/867,772 2000-05-26 2001-05-29 Data transmitting apparatus and method Abandoned US20020010786A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE10025929A DE10025929B4 (en) 2000-05-26 2000-05-26 Method for transmitting data
DE10025929.4 2000-05-26

Publications (1)

Publication Number Publication Date
US20020010786A1 (en) 2002-01-24

Family

ID=7643536

Family Applications (1)

Application Number Title Priority Date Filing Date
US09/867,772 Abandoned US20020010786A1 (en) 2000-05-26 2001-05-29 Data transmitting apparatus and method

Country Status (4)

Country Link
US (1) US20020010786A1 (en)
EP (1) EP1158747B8 (en)
AT (1) ATE300828T1 (en)
DE (2) DE10025929B4 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE10225550A1 (en) * 2002-06-06 2003-12-18 Volkswagen Ag Communication platform in a motor vehicle

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6072431A (en) * 1997-11-13 2000-06-06 Trimble Navigation Limited Extensible GPS receiver system
US6161071A (en) * 1999-03-12 2000-12-12 Navigation Technologies Corporation Method and system for an in-vehicle computing architecture
US6389337B1 (en) * 2000-04-24 2002-05-14 H. Brock Kolls Transacting e-commerce and conducting e-business related to identifying and procuring automotive service and vehicle replacement parts

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5732074A (en) * 1996-01-16 1998-03-24 Cellport Labs, Inc. Mobile portable wireless communication system
US5898830A (en) * 1996-10-17 1999-04-27 Network Engineering Software Firewall providing enhanced network security and user transparency
US6292833B1 (en) * 1998-07-17 2001-09-18 Openwave Systems Inc. Method and apparatus for providing access control to local services of mobile devices
US6496935B1 (en) * 2000-03-02 2002-12-17 Check Point Software Technologies Ltd System, device and method for rapid packet filtering and processing

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020133491A1 (en) * 2000-10-26 2002-09-19 Prismedia Networks, Inc. Method and system for managing distributed content and related metadata
US20050246703A1 (en) * 2002-06-18 2005-11-03 Petri Ahonen Method and apparatus for programming updates from a network unit to a mobile device
US20050136892A1 (en) * 2003-12-19 2005-06-23 General Motors Corporation WIFI authentication method
US7548744B2 (en) * 2003-12-19 2009-06-16 General Motors Corporation WIFI authentication method
WO2006018244A2 (en) * 2004-08-19 2006-02-23 Volkswagen Ag Transmission of data to a vehicle
WO2006018244A3 (en) * 2004-08-19 2006-05-11 Volkswagen Ag Transmission of data to a vehicle
CN107957858A (en) * 2017-12-25 2018-04-24 瀚科科技(大连)有限公司 A kind of primary and secondary synchronous display apparatus

Also Published As

Publication number Publication date
ATE300828T1 (en) 2005-08-15
EP1158747B1 (en) 2005-07-27
DE10025929B4 (en) 2006-02-16
EP1158747B8 (en) 2005-09-28
EP1158747A3 (en) 2003-07-30
EP1158747A2 (en) 2001-11-28
DE50106861D1 (en) 2005-09-01
DE10025929A1 (en) 2001-12-06

Legal Events

Date Code Title Description
AS Assignment

Owner name: BECKER GMBH, GERMANY

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:BRANDES, AXEL;BEHRENS, RALPH;REEL/FRAME:012149/0167

Effective date: 20010606

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION